2136 matches found
Malicious code in ivr (npm)
The package ivr was found to contain malicious code...
MAL-2025-24858 Malicious code in la-interactive-readerui (npm)
The package la-interactive-readerui was found to contain malicious code...
MAL-2025-32244 Malicious code in rinobot-plugin-interactive-heatmap (npm)
The package rinobot-plugin-interactive-heatmap was found to contain malicious code...
Malicious code in la-interactive-readerui (npm)
The package la-interactive-readerui was found to contain malicious code...
How Top CISOs Save Their SOCs from Alert Chaos to Never Miss Real Incidents
Why do SOC teams still drown in alerts even after spending big on security tools? False positives pile up, stealthy threats slip through, and critical incidents get buried in the noise. Top CISOs have realized the solution isn't adding more and more tools to SOC workflows but giving analysts the...
WordPress Qi Addons for Elementor plugin <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via TypeOut Text Widget vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via TypeOut Text Widget vulnerability discovered by zer0gh0st in WordPress Plugin Qi Addons For Elementor versions <= 1.9.2...
Libxml2: stack buffer overflow in xmllint interactive shell command handling
...
redis-rce
Redis RCE An exploit for Redis 4.x/5.x RCE, inspired by Redis post-exploitation. This repo is a modified version of . Usage: Compile exp.so from . usage: redis-rce.py -h -r RHOST -p RPORT -L LHOST -P LPORT -f FILE -a AUTH -v Redis 4.x/5.x RCE with RedisModules optional arguments: -h, --help show...
OESA-2025-1901 libxml2 security update
This library allows you to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTD support, which includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
git: Git does not sanitize URLs when asking for credentials interactively
A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed...
Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo
CVE-2025-32463 Sudo EoP Exploit PoC Rust Using Prebuild...
Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege
Titles: Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege Author: nu11secur1ty Date: 07/09/2025 Vendor: Microsoft Software: https://www.microsoft.com/en-us/windows/windows-11?r=1 Reference: https://portswigger.net/web-security/access-control CVE-2025-49677 Descripti...
sas-top-10
This is an educational guide for organizations adopting serverless architectures. The document, curated by top industry practitioners and security researchers, provides information on the top 10 security risks for serverless applications. The guide aims to assist organizations in building robust,...
MAL-2025-5811 Malicious code in dot-net-interactive-kernels (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1fd9b96d8e362f39434da180321dd4529c19fd43df80c54c561a2db56794270e Any computer that has this package installed or running should be considered...
WordPress Qi Addons For Elementor plugin <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Qi Addons For Elementor versions <= 1.9.1...
IDGraphs: Intrusion Detection and Analysis Using Stream Compositing
Traffic anomalies and attacks are commonplace in today's networks and identifying them rapidly and accurately is critical for large network operators. For a statistical intrusion detection system (IDS), it is crucial to detect at the flow-level for accurate detection and mitigation. However, existi...
CVE-2025-50050
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Stored XSS. This issue affects Jobs for WordPress: from n/a through <= 2.7.14...
Exploit for Code Injection in Langflow
Langflow RCE Exploit CVE-2025-3248...
DEBIAN-CVE-2025-52926
In scan.rs in spytrap-adb before 0.3.5, matches for known stalkerware are not rendered in the interactive user interface...
UBUNTU-CVE-2025-52926
In scan.rs in spytrap-adb before 0.3.5, matches for known stalkerware are not rendered in the interactive user interface...